Originally posted on Panther’s website. 

Over the past few weeks I’ve been asked by a few colleagues, customers and partners about how cyber attacks will look in the future and what are the key “themes” to watch out for. Here are my thoughts.

The “Edge” is under attack

We see repeated targeted attacks on various edge devices and not only on traditional PCs and servers. Hackers are targeting IoT devices deployed within organizations, as they understand that these are often the weakest link in the organization.

On top of that, we see that supply-chain attacks are on the rise, as again and again, malicious actors realize that one way to circumvent the “perimeter security” set by enterprises is to look for an entry point from within.

Third-party products (software and hardware) received via the supply chain, are weak spots that malicious actors can take advantage of, and use as an easy entry point.


Characteristics of recent infamous attacks

Analyzing recent attacks such as SolarWinds, it becomes clear that organizations can’t rely on securing the product and devices they develop on their own – they must take responsibility of their supply chains’ security.

This should not come as a surprise – to drive innovation and cut time-to-market, products (especially software) are becoming more assembled than developed from scratch.

These third party components are integrated with internally developed software to create the final product. If not secured, these components could put at risk  the devices or networks on which they operate.

Another issue we can learn is that it takes long months for these big, targeted attacks to be detected. In all the major attacks, we saw that the attackers spent months (sometimes even years) in the vulnerable network, before detection.


A glance into the future

Unfortunately, it is safe to say that there will be an increase in cyber attacks in the future. With more data and greater connectivity driving our day-to-day lives (both as consumers and businesses), malicious actors will find new opportunities to access high-value assets.

What we are starting to see today will likely be the norm in the future – cyber attacks will no longer target PCs, servers and networks, but will take advantage of all connected edge devices that can be either a target on their own or most likely an entry point that enables attacks towards higher-value assets.

Smartphones, smartwatches, connected vehicles and smart sensors are just a few examples of such edge devices that would likely become the focus of targeted attacks in the future.

On top of that, we’ll likely start to see Artificial Intelligence (AI) based attacks. That means that malware, ransomware, etc. are being created by an AI code and not by humans, which will make them easier to develop and reproduce.


How to stay prepared

Below are three areas of focus for organizations looking to get ahead of cyber attacks:

  1. Get full visibility of ALL your assets – How can you mitigate risks residing in your products and systems if you don’t have complete visibility into all the software and hardware assets you have? Maintain a detailed asset inventory, with visibility into its underlying composition, so your security team can mitigate any risks lurking within.
  2. Secure your supply chain – The reliance on 3rd parties brings tangible cybersecurity challenges. Independently validate the composition and security of your 3rd party components and assets to reveal any hidden risk. Work with your suppliers to advance their security posture over time.
  3. Invest in prevention AND detection – preventing cyber risks is the right way to go but nothing is perfect. You need to ensure you can detect cyber threats once they get through your defense layers. These could be network monitoring solutions that reveal suspected traffic generated by malware, end-point solutions tracking anomalous edge device behavior that may indicate they’ve been compromised or threat intelligence gathering operation that reveal vulnerabilities and upcoming risks that may impact your assets.

By Slava Bronfman

Cybellum CEO and co-founder. An experienced cybersecurity and automotive leader and entrepreneur. working with automotive OEMs and suppliers worldwide on implementing risk assessment solutions. An official representative of the Standards Institution of Israel in the ISO 21434 standard technical committee, leading ISO21434 Use-Case TF, and a member of the NTIA Software Component Transparency working group, working on future standardization of Software BoM. An automotive software risk Assessment and ISO\SAE21434 evangelist, regularly presenting in automotive conferences and organizations.